NAGIOS - Win32APIProxy

This NAGIOS plugin allows remote monitoring of Windows hosts in an agentless fashion.

Technically, it uses the Win32 API from a Windows proxy server to query the remote host. Syntax-wise, it mirrors NSClient++ features.

Historically, my friend decided to move away from HP SiteScope to Nagios. A large number of 'monitors' (SiteScope lingo; 'service' in Nagios terminology) were related to Windows servers monitored via the Win32 API, which SiteScope refers to as the NetBIOS protocol. Installing the NSClient++ agent, which was new to the team, was a concern for both the security and the stability of each server. From there naturally came the need to support the existing server infrastructure setup without any change.

Architecture

The Win32APIProxy is a small Perl script which runs on a Windows host. This proxy acts as a bridge between the UNIX world and the Windows world.

Nagios connects to the proxy over HTTP(S) using a POST request. The request is received by the Apache Web Server, and the proxy, configured as a CGI script, issues a Win32 call to the target Windows host.

The link between the proxy and the remote host must be set up, and security on the remote host must be properly configured.

Test with the HTML page: temporarily put win32test.html inside Apache2\htdocs, open it with your browser, type 'version' in the Command field and click Submit. The result should be a page showing the proxy version, such as 0.01.

How to Monitor a Host

To check whether steps 1 and 2 are required, you can use either the HTML test page or the check script and submit one operation.

Configure the host to accept remote inquiries from the proxy. Follow the steps from http://support.microsoft.com/kb/164018 (which replaces KB Q158438). As a reference, I did this setup for a Windows 2003 Server host:

a. Create the remote user (in the example, 'nagiosusr').

b. Grant 'nagiosusr' read access to the HKLM\Software\Microsoft\Windows NT\CurrentVersion\PerfLib registry entry. If you forget this step, you will be able to create the IPC$ connection, but registry browsing will not be possible.

c. Ensure %windir%\System32\PERFCxxx.DAT and PERFHxxx.DAT can be read by 'nagiosusr'. xxx is the language ID, 009 for English.
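
Steps b and c above as an added example (not part of the original page or of the plugin): it grants 'nagiosusr' read-only access to the Perflib key, warns if the account holds more than read access there, and lists who can read the counter files. It assumes a local account created in step a, an elevated PowerShell session on the monitored host, and the English language ID 009.

```powershell
# Added example, not part of the plugin. Run elevated on the monitored host.
$Account = "$env:COMPUTERNAME\nagiosusr"   # assumption: step a created a local account
$LangId  = '009'                            # language ID from step c (009 = English)
$KeyPath = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib'

# Step b: allow read-only access on the Perflib key, inherited by its subkeys.
$rule = New-Object System.Security.AccessControl.RegistryAccessRule -ArgumentList `
    $Account, 'ReadKey', 'ContainerInherit', 'None', 'Allow'
$acl = Get-Acl -Path $KeyPath
$acl.AddAccessRule($rule)
Set-Acl -Path $KeyPath -AclObject $acl

# Least-privilege check: no Allow entry naming the account may exceed ReadKey.
$readKey = [int][System.Security.AccessControl.RegistryRights]::ReadKey
$excess = @((Get-Acl -Path $KeyPath).Access | Where-Object {
    $_.IdentityReference.Value -eq $Account -and
    $_.AccessControlType -eq 'Allow' -and
    (([int]$_.RegistryRights) -band (-bnot $readKey)) -ne 0
})
if ($excess.Count -gt 0) {
    Write-Warning "$Account holds more than read access on $KeyPath"
    $excess | Format-Table IdentityReference, RegistryRights, IsInherited
}

# Step c: list the principals allowed to read the counter files. The account,
# or a group it belongs to, must appear here; nothing is modified.
$read = [System.Security.AccessControl.FileSystemRights]::Read
foreach ($name in "PERFC$LangId.DAT", "PERFH$LangId.DAT") {
    $file = Join-Path $env:windir "System32\$name"
    if (-not (Test-Path -LiteralPath $file)) { Write-Warning "$file not found"; continue }
    (Get-Acl -Path $file).Access |
        Where-Object { $_.AccessControlType -eq 'Allow' -and
                       ($_.FileSystemRights -band $read) -eq $read } |
        Select-Object @{ n = 'File'; e = { $name } }, IdentityReference, FileSystemRights
}
```

The check only inspects entries that name the account directly; rights inherited through group membership have to be reviewed separately.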

Script Syntax

$ ./check_win32apiproxy.pl -h
Program: check_win32apiproxy.pl, version:0.01
Usage: check_win32apiproxy.pl -H host -v variable [-w warning] [-c critical] [-l params] [-t timeout]
-H, --hostname=HOST
Name of the host to check
-w, --warning=INTEGER
Threshold which will result in a warning status
-c, --critical=INTEGER
Threshold which will result in a critical status
-l, --params=PARAMS
Threshold which will result in a critical status
-t, --timeout=INTEGER
Seconds before connection attempt times out (default: 10)
-h, --help
Print this help screen
-V, --version
Print version information
-v, --variable=STRING
Variable to check
Valid variables are:
PROXYVERSION = Get the remote win32apiproxy version
Will return warning if check script and proxy version differ
UPTIME =
Get the uptime of the machine
No specific parameters
Warning and critical thresholds (in seconds) can be specified with -w and -c
CPULOAD =
Average CPU load since the last query
Warning and critical thresholds (in CPU busy %) can be specified with -w and -c
USEDDISKSPACE =
Size (GB) and percentage of disk use
Request a -l parameter containing the drive letter only
Warning and critical thresholds (in disk used %) can be specified with -w and -c
MEMUSE =
Virtual and Physical Memory use (MB).
Warning and critical thresholds (in virtual memory used %) can be specified with -w and -c
SERVICESTATE =
Check the state of one or several services. Return critical if at least 1 service is not in SERVICE_RUNNING state
Request a -l parameters with the following syntax: -l <service1>,<service2>,<service3>,...
PROCSTATE =
Check if one or several process are running
Same syntax as SERVICESTATE